In the context of web resources to allow or block, the traditional approach has been to block the bad. That’s blacklisting. It is the ideology of allow everything, block some.

Whitelisting, on the other hand is the opposite ideology: block everything, allow some.

This infographic is not controversial in nature, but there are legitimate reasons why whitelisting has not gained traction. However, let’s examine a few real-life examples where the trend towards whitelisting is succeeding.

iOS AppStore
While criticism over a curated AppStore has never stopped, the end result is undeniably a safer mobile app ecosystem for the normal user.

“AppLocker contains new capabilities and extensions that allow you to create rules to allow or deny applications from running based on unique identities of files and to specify which users or groups can run those applications.”

Essentially, this is an accepted and recommended solution that whitelists executable applications in business versions of Windows, and many systems administrators literally use this approach insted of anti-virus protection, with great success!

It is only logical that DNS-based whitelisting for Internet-based resources would also be filtered using a whitelist method. It has not been widely deployed in the past due to the onboarding effort. This is where DNSthingy helps with the whitelist ecosystem including DNSthingy Whitelist Assistant Google Chrome Extension, real-time logging visibility, Whitelist Subscriptions (for sites with dependencies such as YouTube, Google, Facebook, etc.), learning mode for businesses who deploy in passive mode for 60-90 days in order to gain an organic whitelist suitable for their own enterprise.

So if you’ve wanted to give whitelisting a try, now there’s a simple and free way to try it out!

Next time you accidentally type .om instead of .com in your browser, beware of malware. A new scam targets URL typos and tries to install dangerous software on your computer.

If you want to protect your entire network from this, simply go from OFF to ON in your DNSthingy.com/dashboard:

Now if you mistype yourcompany.com as yourcompany.om in the browser URL, you’ll be protected like this:

Of course, if you need to visit legitimate websites that use the .om extension, those can easily be added to a rainbow list. One of the frequent uses of a rainbow list is to create an “exception to the rule”.

iOS apps, especially with little children, are often completely unusable unless the ads and trackers are all blocked. Many parents are used to putting an app in airplane mode before letting kids play. Unfortunately that disqualifies all apps that require connectivity.

DNSthingy ad-blocking disabled:

DNSthingy ad-blocking enabled:

While Apple has their own iAd ecosystem, many mobile apps use alternate ad providers (mopub is a popular one), which are already blocked in our default blacklists.

But to have a truly beautiful iOS app experience and cover all the bases, follow these steps for the ruleset applied to your iOS devices:

The blacklist above does not include hosts that prevent services from working.

Now you want to create a separate list (Dashboard -> Manage Rules -> My Lists -> Create a List -> blacklist) called iAds and include these hosts:

iadsdk.apple.com
iad.apple.com

Finally, go to your Ruleset and turn it on like this:

Note: blocking Apple iAds will prevent iTunes radio (does anyone still listen to that?) from working as well as the occasional tracked ad. For most subscribers, this is a small price to pay for a superior iOS app experience.

In many parts of the world, even the western world, bandwidth is expensive. One of our subscribers is out in the “middle of nowhere” as they call it, far away from any affordable fibre, DSL or cable, and the only connectivity option is a metered LTE connection.

It didn’t take long to find out that their $1,100+/month bill came from the video content being consumed by the 30+ stone quarry labourers near the office during their breaks and lunches. As probably is common in many parts of the world, they were browsing YouTube, Netflix and Facebook.

The owners felt they had two basic options:

Disallow staff the usage of WiFi altogether. This would have an impact on morale and may not be an effective move.

Disallow the bandwidth-consuming services and explain to the staff the high cost of bandwidth in this geographic region.

They chose the latter option, and it was literally as simple as creating a DNSthingy black list with these domains in a list called Bandwidth hogs:
youtube.com
netflix.com
netflix.net
video-ord1-1.xx.fbcdn.net
lp.longtailvideo.com
cdn.liveleak.com

However, the owners wanted to naturally exempt themselves from this blacklist, so they simply created two rulesets as follows:

Ruleset

How it's used

For which devices

#1

Bandwidth hogs blacklist applied

Ruleset applies to all devices as well as new ones by default (i.e. when a new wifi device joins for the first time)

#2

Bandwidth hogs blacklist not applied

Ruleset applies to owners' devices

On the DNSthingy dashboard, here’s how it looks now:

Explanation

How it looks

Block the bad (ruleset used by default)

Business Owners (ruleset applied to owners' devices)

This is how it looks when rulesets are assigned (under Dashboard -> Manage Network -> Devices):

This subscriber is going to save an estimated $10,000 in bandwidth costs this year based on the above steps.

This approach still allows for general Facebook access, but the videos do not play and therefore bandwidth is saved.

This blacklist is available for you to subscribe to, so when domains are added to it in the future, you automatically benefit. Once you’re logged into your own dashboard, simply visit:

You will then need to Subscribe (inherit changes by the author, yours truly), or Make a copy (manage your own changes in the future) as shown in this screenshot:

If you have a favourite list of your own, you can use the share feature (available on any list in your account) and share the URL with others to subscribe. A public-facing site for those that want to share their list is in development.